Analysis Overview
SHA256
6c190cc4962e5e749492247c7545d0f8a01a3b3141397a2fa64c2924ea710acc
Threat Level: Shows suspicious behavior
The file SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:17
Reported
2024-05-26 03:19
Platform
win7-20240221-en
Max time kernel
148s
Max time network
124s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name = "windowslauncher.exe" | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name = "Session Elevation Helper" | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\rt.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\rt.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\windowslauncher.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\windowslauncher.exe" "-Xshare:dump"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote SupportECompatibility.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote SupportECompatibility.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693450833-5\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693450833-5\unrestricted\JWLaunchProperties-1716693460317-0"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\unrestricted\JWLaunchProperties-1716693461132-3"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F
C:\Windows\SysWOW64\icacls.exe
icacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F
C:\Windows\SysWOW64\icacls.exe
icacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5037789518799811657.service
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
"C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5037789518799811657.service"
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5037789518799811657.service"
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49856" "127.0.0.1" "49857" "elevated"
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService61955389
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49856" "127.0.0.1" "49857" "elevated"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49937 127.0.0.1 49938 elevated_backup
Network
| Country | Destination | Domain | Proto |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49856 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49937 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp | |
| N/A | 127.0.0.1:49857 | tcp | |
| N/A | 127.0.0.1:49938 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\JWrapper-Windows32JRE-version[1].txt
| MD5 | 271563b96fbbff5dc3e04656f3f18923 |
| SHA1 | 7f6800a9d6112bf5c360d56f3b0c5c616260fee8 |
| SHA256 | b482d2aace7286c78a565879c3ac49b772e9bd9d003bed856542c2cee1049b22 |
| SHA512 | fc211920ee469a34e10444d65e9a909c934cfa1c6d332700d33c2aff9aa2201434dbb810ff03188904c9500638444435cbecc25e2b7598356236c8475b02763c |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
| MD5 | 14a39388617fc5b75646ec85fc9ff9fd |
| SHA1 | ff215fe0b48b7ff5a43b02f25521788328a64a7f |
| SHA256 | ed4f04090a5d543627d49ff3693e6ab1ea7ef163d34acbaf46b6ee4b76ad12e8 |
| SHA512 | 48eac09ca862c3dd35436c837fa2db9d31394323e8540b1678315e9fd54b45583ae3d4180d353d3903ff1305750548b5fbac5e7276ed0e0112b0ea2d2d1f2b4e |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\MSVCR100.dll
| MD5 | 0e37fbfa79d349d672456923ec5fbbe3 |
| SHA1 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 |
| SHA256 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
| SHA512 | 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar.p2
| MD5 | 7618098477e433a3297beec060e38554 |
| SHA1 | e57585e7f78f8290a534bae6bbe85e89bf59b671 |
| SHA256 | 75e2fcd8e5db747c4f2619c67e9a6898b083318dbab0b4276052593a9ed22825 |
| SHA512 | fc46a67c3c7e3bcb0f3e8e2611a749692fe4c2cdf1ac89b9e5013ddc6f58bbab4d012e58cd85901f0d171c8ff5e9e5ca3c08811abac38d89776f67dd1b72b56e |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar
| MD5 | d1f7a7fb0a46eda64b92d27bf48ff07c |
| SHA1 | e26e4f4b326e4e1e3a47a27b10f4f7335efecaf3 |
| SHA256 | 2ee219b2825d2174e5a03ff15a7bc3fa2a72d6322672abb2bc3be2ba7153f550 |
| SHA512 | 6034451481dcf2d4483e5edaae6c60197cb3a7f6c0ec726c7b0f8209632523d24ed7e4548df2942ed18e93c2cdd08a8d4be483d5329dd400aa97543de2b865e0 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar.p2
| MD5 | c0b2c569c4c13afde2b4936c69899818 |
| SHA1 | 27587b733c46b704468baac99d5369558e04433b |
| SHA256 | a11a18c31f07b640ce37c8c6913f28d5ae361043efed7c4b7748129a581c9b72 |
| SHA512 | 77d5b289e6ab8354075058e9467490eeaab3640f953e5d534b68fdb966cc35b0351b7734f61a8f0e05c02648b6a6c1f7625537a6206d8a7a7cfc8c0ffa998d99 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar
| MD5 | be77261e5ea68f8d654979506c60098f |
| SHA1 | d9f45a45c6d24fd51af87edf995f3f074f26b625 |
| SHA256 | 4c0cf9049c1c9ec958c66338cc4e1e3e8f6e6203fc23c4df1ee25a27db1c3e7e |
| SHA512 | 9556424da462320a598d27b1e340fbacd2f34367767005d5b4dca03668b05b3e72ab8e5e95292823febceded3398ba1d6c7372b326a3d8da2d128e9d697c6c1b |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar.p2
| MD5 | d0b67b9950cc7c430f718b97d1fa5e9e |
| SHA1 | 570611a0cdcfeb970154f06efc39900b09a25e5d |
| SHA256 | f98ddeff204be7f6ff1b302476c0cb2d798ae6dff177cf3785f7a783671e184e |
| SHA512 | 154d86ba9963b64b298e544a836f9266637c04dcd9da947404aa3ba5b47d50fe6031709173f16afafcd909644865b0711018e8facb428a68608294d3d92ad74d |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar
| MD5 | aba762047180d748d13038c79a297273 |
| SHA1 | 2149fdcac374a7571fe5f838decd9f78159a8b8e |
| SHA256 | 452bed925863a3686bc9ec5caedf73668bb3b6347f13c6c5c48a93b33c76e6e2 |
| SHA512 | 8cc67b7bfdd045c040e560b3a0d07c9d8e5510cf18a9aaf59bd468614004e16389cbe06e4d5ddd689cf26aa4fe6939bd474cecd6ec7f630e109185c3b6b89770 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar
| MD5 | 78e7e96c457dacd63ff8b91b18a18d94 |
| SHA1 | 7deeb6b1bb9cd5dd8e88e89b104036fb11a3a6e7 |
| SHA256 | cef2ccb8962a6d995e98df38c0370b0685a20dba56d492789535f075837664fe |
| SHA512 | 49278b823990c58a66513f09a2dcad30ba512a48f7529eedee1147e4cfbd9961908063f08c8b1cd51871f5d6d22d1450a32df1d762ca99895fb879aa2e1089e5 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar.p2
| MD5 | 266b3cd165141350c4e97f70de125b8f |
| SHA1 | 38fb1ca72f034b4bdad5aff7d8f4a100fb4c6924 |
| SHA256 | 6e6e99bd2d0f532f3c297ecc2e14cc5379e4f86de78bdf8cc6615ec63992ccb2 |
| SHA512 | e1cc802757ff4d3a3deb64992188f60ff5841bed1d5351dbf39833a686b218b9be93f73d3c656601150ebdd60337eba84c2f98ced46a8190f1c62b4b7678a080 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar.p2
| MD5 | f70f2e791c4bc4f97e0cfd293efdfb00 |
| SHA1 | a5f9f5590777cfc7de8b7808f88fda67dcb3808a |
| SHA256 | dab578370c83bb0f88da5446c17c45ca2f173483ae7849cf1e1078651c5b3ae8 |
| SHA512 | e501635bb7b1a1cb9f61241a14f3ef0e7aaef20c93cea91167b1c7dca2d872fbb0d03990976598d06dc4f7bee9fc1dace90a404ca5bcaece92e99e6b7f7a0cf4 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar
| MD5 | 3b484d613b13097df94fc02830625fe3 |
| SHA1 | 2ae78e428005a2aa4c1c186e13b015ed8f626d98 |
| SHA256 | 0370bfd5c5b93a86d4ab384bd1954833b663037f922dffdd145b0c4708848f15 |
| SHA512 | 2696a1673c62b9e0b87f417b441babbae55dcfa36f631fee0907e8ab61e4d004a0a273668fe15474a7adb0d48a7009b58783e8173eb8bd73481f75f5b1293a1a |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar.p2
| MD5 | 085cab8b3c0d6ae59b3fdc2b09ca7b2c |
| SHA1 | c9d1aa28415e4fc44c8935e2af8dac6b950f7c23 |
| SHA256 | 352f6c64c4742c49194ea23e75867c97dd445ca0ed3c29747a1b3149e05b8238 |
| SHA512 | 158f06e74faec63406fc8a968a0cf23a34013877c2f44c94ab1fb2bf0f9e928741cafeea658a104bd87d4cf68bac2b812486f8d73e163d4469b4bb6099d69125 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar
| MD5 | f31be727c15312bb50baa9a60003594b |
| SHA1 | 1dc4bcbe28572e8d72d1afed9731d32a7985ae99 |
| SHA256 | 2868caaffcf13ae3d6d22831668e19d4200593190a1b88b714b62b3e47ac537d |
| SHA512 | 387b314f64f5ba5c72be7f1e834a62b8b72a984a36ee9dd53aa538fc26e2c343cba6e2485d15f517bd403e285455108d303b88d2db1d246f5990422a461fa1b0 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar.p2
| MD5 | 65ff11c770d16063ae896517d60ea900 |
| SHA1 | c759cff5e6a08ae5c232b79ff95c58fce545f24e |
| SHA256 | 6707457e8d1aa16b08a77e6e44a69984ef5c784dbc8b65796d5df80ab0c4182c |
| SHA512 | d40cb1b633916aff909255293d1b567ee353ffbbda3517bd80d723b7fba1225f660b20599963c83bf28036b853280a9246ed1ca23633b805357651ec64046982 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar
| MD5 | f2e03d50317928d981b77d1b01ad2f6e |
| SHA1 | 3f82255ba557b64664e3dbf9d8f2b6e4d611e9b2 |
| SHA256 | 33d0959c1d4f31a23b62c6c406f04acca9626b3f72963c88a6d407820cb58ad5 |
| SHA512 | 6de0e03130f1ed9d236f300b932e2a5d83d58a0841fe5cd7fd6e569384a2034ae37150ddb0d41a2af3b3b8c9432ef5d5427c5f36cd854ddd9df987a89f96276c |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar.p2
| MD5 | 558a800e89bc6c647e2909a0c91dd9f8 |
| SHA1 | 8fcfec1b4e704661ff0c7599e0ee2ec60c69088c |
| SHA256 | ec51166a6f4796de2283de2a59e9143d953fe37bf9abbc71873a3978dbec85db |
| SHA512 | 19e585b8d1c13ab511ee66615442fb2bce3bb529225b623271a8f27a58d76d541434ac02b619d55bbca03f1f9adae94745bc1f2504eadc7f00220b49ba6c13bf |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar
| MD5 | a2dd6baced76fe17ef8db6d6a6dca1ec |
| SHA1 | 26e46d9fb59464f895da1474ed0c545831311bd0 |
| SHA256 | 47545a341a3e7b99164150d000607e10b7b3a16caf3320090fc1e5c6128c13e1 |
| SHA512 | a9472630786ca3369c3e1d9303b5430eb744c962d7287b95d75caaf00d15ef735c985e5093cc2d36dabfccaab2782210f71eec1be3cd1cc05886eaa969ddc947 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar.p2
| MD5 | 3b997068ed80236ba82703b7c8275621 |
| SHA1 | 63d2bbca29231220d5beb285c9cf263b4c93acb9 |
| SHA256 | 40799e64da3944f75ddb8e9a378c7d37fe8c94183f173717b2f08dad865cf89d |
| SHA512 | c67ca18a538ea12e0032728e575f25b11da6b847ec3eccceb59c53d18eddbc4d711d4684e8f60ed0da6e7149ab31a9f8c04ef45f5c5792ceb749c3f7e5b7ddb4 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar
| MD5 | 80558729bb2edfc3b03b8dee73d527b4 |
| SHA1 | 521d59e97a3e254ecd9dd06b213ac0fda4c2983a |
| SHA256 | f17139ecb92b94a2a3909a5a2f2c8a5feee9afaf25e8cd2b5a8ab0fd3dd73c9e |
| SHA512 | 80e5785beb2de61ea8cc9882e94e3abf99917556467ebf935297a9e0f7376b313850cdb0ffea2d98ada9db8c6b3a6104572399667e8cfde0cd537775e445b0ad |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar.p2
| MD5 | fb3b52a77cd7d5c06ab18417b880cf85 |
| SHA1 | 16b32390dd4b20f215e9bd4652451ae110408dbc |
| SHA256 | d316bc002fa5a15622c5d4076f74a8f97fec63d4efbb9446e9cea101c66c051f |
| SHA512 | 6a1adb2b9d6969840277588c93f299c22ad167ac9cb3d4c4ae2b94d49a2e3301502ea54e2eb62b74b97d0324028e9bb6455ec078824d1ec9b5d6c02b3e2d9ca9 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar
| MD5 | 464e8a959d39d16b0e62f177f77eb7a3 |
| SHA1 | cc8fedb29aa80ea30f144ec6f1fd5594fac83622 |
| SHA256 | 70dda4e2247e7a7d8e78501679ac89ca3214d8a98ec8f332b9fbbd043fe88857 |
| SHA512 | 515872addf16a1ea2facf5c7ab70b987669d8cfa102705149528084375064ba9ca272b0d48eb7ae3774581524cca4c517c6be092ce1912bade9a36355662e05d |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar.p2
| MD5 | ee900003bb298d82c1c1ab65bf0d1038 |
| SHA1 | ce744e382e9327f49527e4753bd9a316668bb836 |
| SHA256 | 9d37087d57531c4c8438c3fa64a506b08f71b5cb5462bff59d653d06d1170b22 |
| SHA512 | 845968c8192de9ca2a78c9da05041138eac5f80252b3cb1680b3ce2f0fdca99f68fab65f7fbefe71b8f0f953dc3bec4ad23708b1dde8e387525911dfaa16b5b3 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar
| MD5 | e862f2417b9e605077b14bd40870f81b |
| SHA1 | b1af847865894e4aca999cf15254950a3adbc66a |
| SHA256 | c5a5dced73b692eaa10278c1798ab5703871d4813781239f3ab6155783d947e2 |
| SHA512 | 0164cfa331d7b0c469a9cc0876ae9722380dd63f19e08f12a1bb8e1c9c989e704d76c12a226cb4a90d09a57b0ab7c6bdb3f7cf4549f99a5f8df6ef104e490864 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\rt.jar.p2
| MD5 | a7ddd38de7a6d515978bd3786db5f475 |
| SHA1 | ae8b0b7204fc02113dc5b40cb2d6ee7dc7554ab8 |
| SHA256 | a7138824d761e3f2586f05226630c13fb538d405d095e5167c62b21390546daa |
| SHA512 | 46cae11274e4aea0ac75b069e4e9325386a3f82fd5aa00efd3e719ac4054c984f7b35760c99e7dc1b7b4ba09abcbf13e049c3b37fc51372fdf89faa2cc70a600 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\windowslauncher.exe
| MD5 | d56527919a78d6ac6cef8a9cb3d0b922 |
| SHA1 | d4ea8c6ff865334fa56d19e435e58cca8cff7e36 |
| SHA256 | 14f684600450cdbcdba40a554da7f96e7756b5733b4854f5b30b9a35d26cba4b |
| SHA512 | cd3bd8e33df78fde76827cee0ca9eab921c4bbce31aaf7b38d41d6a8d473a30ee5f50f3620741f57fd54a86a75ad11cee6f9a67c4c4b30e9987e1445af37f2b4 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\client\jvm.dll
| MD5 | ad097eba9b877fef2770f0d7c6aa8b66 |
| SHA1 | 7649970441014f1c7359e6602ce1c702eb6729a8 |
| SHA256 | 1bb778575301d60089b78705c59a895f4cbcde5f325445d40b2e14b9fb070d8b |
| SHA512 | 722a8d16d87642f4d3d7cd955d9a55ea0eb2dd4225f3b194acf2ac37eba3580fc1cb2b51a8fc1f493d75d6d4805b2722662cdcfa1a04d871da46cdf7a0626b64 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\java.dll
| MD5 | 62460b9fb42e5a5bb36cbfc8eed6935c |
| SHA1 | fd9c9d7c9c808f341bdf5a65df6160d6e8ba7cce |
| SHA256 | 20c9eed8ab86613bd6285756a7c20071ab0443ff62e4561c02527473e0dad658 |
| SHA512 | c94ab9fd0a600e37661c420b3108f37a0210996f09a1685f0f7bedebeb43c9e52340c850d681dd6444e640d22d4ec63d0cc82f53337d31cb112e087c6be4ca6c |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\verify.dll
| MD5 | ed82ef325e016d1102a64f681010fff6 |
| SHA1 | 85a6e150fcc33f21989ce7b755b3365ddfc22148 |
| SHA256 | 7290333fb8deaa13e4c90bc3b4ae3b7c40cc03f18dcc107ad0aa44d704f52858 |
| SHA512 | 56a08c8e404309fae4de809baf95b35a45ff383b716519aa353cf4ad71623697ef5f1e6f54156c03a6f496f3721908395ba63dc661672b28937ebcfb532c0a38 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\zip.dll
| MD5 | a17752b09e0f94eedcc79697bd469d26 |
| SHA1 | ee0ec9fa38eccd85e3aa9b89a955af4cfbc23ed3 |
| SHA256 | 5bfcb6a7bed3ac63a5ad0d9ee5e350e618a78e90cc4220e0028708604671c001 |
| SHA512 | a88c17dd6ac9194db650df7a41475a1d01df3917a1bace3655f7abeb18d109ce1131fbadbcb4d58e73a5aab049f2db82116eb99715b08b95ffc5d78558f12a2e |
memory/2696-309-0x00000000002D0000-0x00000000002D1000-memory.dmp
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00094739807-complete\jwutils_win32.dll
| MD5 | 6c81694e80a30afdcb1fd52abe69c17a |
| SHA1 | bc5b890a25aaf397b386091ed38591386f5a7730 |
| SHA256 | 15efd7fbc433648e95450ece65ea27b2eb0c9142a8aab011660e0287eab366b2 |
| SHA512 | 2e8c095c2cd338057fef8b693e10f93eaf669111e67bd9a235b0903f25b016a9a2ce966a5f5086c415964d7b1eb3d35f1e45da592111c9722b1b6c2b0f5a3033 |
memory/2696-314-0x00000000035E0000-0x0000000003608000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWApps\JreNameOverride.afos_complete
| MD5 | 8fb5138ee86360cde03895fbcd12494d |
| SHA1 | 182872da6ad9990fbfdee722097047764f4a596c |
| SHA256 | cfccf59f10da9d264a641125c710a6d57e457a1081f23e899bfa3d06e3be2d41 |
| SHA512 | f315c3ea8519b935daf10a526303731aefd95de0535f871ef0927e92b86cdf5a1d967647e2af7fe54afd014e670db3f4d183ac00e0b81a4f757b703066030049 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\net.dll
| MD5 | ef1722dc5c18d6416a3c45a39a473f6f |
| SHA1 | 74c59c536a80e0430c5fdfd7424224fe08a4c5f0 |
| SHA256 | f892bd41cec077229c2b4a34fce9cc0c130dff2427f86f64cc4defb2a91a621f |
| SHA512 | 52cc61b7fb7b6b21f2fd784bf4dec54d17e90cc098bbdbd4a7064e6c2feea61c9ece0ca3ce3b3b8d5b6ef3e55e6b1ea74e147c68347585795bea9078e96e6c3e |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\awt.dll
| MD5 | f8e52c9bb7928d2e4bfdbccdd0f20264 |
| SHA1 | 1df5a1a00fc862c42c1d5e1c89762c43af788a45 |
| SHA256 | efa39b2953c4646bf23bf36353f3e46e5252a62afb04db7eb9bcdec7c08cacfd |
| SHA512 | 2acf1ae7d6602cab01ee5b5e383f499bf8abeabb59bb817acf26d71890d928289029bb6e6968239a207dc86245367518e8579074761addabd44122fbe6914e47 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\nio.dll
| MD5 | 823b2c4761bec0121adf70f8ab5ce638 |
| SHA1 | 220610227a74e22050c1326fb2148bc4f953306b |
| SHA256 | 2c2a6fb722055d3385e481237399c6af1cc93abc77d9485276e8158d1715f168 |
| SHA512 | 842a0515ed1e4a81c3536032b7e3f1b0bb77922dd25eba8c38c70ccb2d8973424fa7cc001dffee03acf2681ef5fc3b7ec04dae3e6271a2a2d03c1dabe5a27771 |
memory/2696-355-0x00000000002D0000-0x00000000002D1000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00094739807-complete\unrestricted\JWrapper-Remote Support-splash.png
| MD5 | 0905b33d2e42db16dea325e538085f1c |
| SHA1 | c9aea4726f051096c590ecc3e8a466ba0eb1f186 |
| SHA256 | 82aefb52771e20875893ae177bffba49838332de4124a48b9f3285af537bbed1 |
| SHA512 | 5bc999a2fa812daaacdc4cb891deb63f84925096e03241f57599fd140a348be0be2e8c316b166e4fb54def17dabfa1c1bb84ce5cdb7b8a6ed17dd14206142327 |
memory/2696-373-0x0000000002110000-0x000000000211A000-memory.dmp
memory/2696-372-0x0000000002110000-0x000000000211A000-memory.dmp
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\freetype.dll
| MD5 | a0e41d3e1c157c9892acb3a44abcf0fd |
| SHA1 | 08f39ced0a1c4c5607bf8c14c0bb6d2d620a3dd1 |
| SHA256 | 23a8e28fa460ab9252b7418cb5ba7dee5c63f661297433d3ffd3d569fe9bae5e |
| SHA512 | 8502f989fdd615147f83912ba1327d4dd6c1f3ef9bdc43da62e766e951eff371e0371b2abc20f09eb4f86e6fa3f1118b52f00fc1db6099b11f10c10b36a8c047 |
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\fontmanager.dll
| MD5 | 86bfa090f82bc7b2dc351b06ce64c455 |
| SHA1 | e9e0cdd695738d4cbb39eddc48d5b5b2649c56a6 |
| SHA256 | 924dc9a985b26ef19958d17d23e18d8b8e2a552d8a11d0018014d21e632342eb |
| SHA512 | 1939d84a42aede06c76c9b8e6b5093ff60ecde7944b24e2c26cbe7b1c5e5223cac70f5779bbc5f21c6f97ee90728b084602d74f1ba011f875ba04a110c3d07df |
memory/2696-383-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/2696-389-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/2696-425-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/2696-443-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/2696-450-0x0000000073FA0000-0x000000007405F000-memory.dmp
memory/3060-492-0x00000000002B0000-0x00000000002B1000-memory.dmp
memory/3060-496-0x0000000000370000-0x0000000000398000-memory.dmp
memory/3060-504-0x00000000002B0000-0x00000000002B1000-memory.dmp
memory/2696-507-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/2696-506-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/3060-505-0x0000000073FA0000-0x000000007405F000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\unrestricted\jwLastRun
| MD5 | 1cd8f0f2bb608440bcec2b3cfb56f2bb |
| SHA1 | a3ae3ca22a82af547d5c0119c2b5a5f2a9a9ec7c |
| SHA256 | 7f126711846bda43d49c4463b50a7afe3363f5d871577e3c168222e351ceb036 |
| SHA512 | b59cd0071dfbcb991e109925f244a42045161d6e8b154b2dff7c4e86544dc07d9b263372977cd17a764dcada2a0874a9c557676776152b8234b44faed01cdee4 |
memory/2696-559-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/968-577-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/2696-580-0x0000000073FA0000-0x000000007405F000-memory.dmp
memory/968-582-0x0000000000530000-0x0000000000558000-memory.dmp
memory/968-596-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-600-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-604-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-610-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-612-0x0000000026540000-0x000000002654A000-memory.dmp
memory/968-611-0x0000000026540000-0x000000002654A000-memory.dmp
memory/968-614-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-631-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-645-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-649-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-653-0x0000000029A70000-0x0000000029AA0000-memory.dmp
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
| MD5 | 871f2ae119ac463e75bbeabc1e925aa9 |
| SHA1 | 694d8b456abc255da9ec0e9b270116163cb5d132 |
| SHA256 | 313000b647e07fe9c08d538d160b5adb4849a7e2e19c16e5e0f188b176470229 |
| SHA512 | cd1e7eda3b0591b20587990bcacaadc2424d2f9f72d071c3c4efac4bbb16665c7b267ae332f95cadf1ca3501f3d7b9cbc9fbbd3cff07e1fc69bf3c9f805f1ce3 |
memory/968-707-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/968-708-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/2052-711-0x00000000002E0000-0x00000000002E1000-memory.dmp
memory/2052-743-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/2052-742-0x00000000003E0000-0x00000000003EA000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig\branding\54U173U51U254G80\applet_splash.png
| MD5 | 908f0b4427cb290cf05dfb75eedc4798 |
| SHA1 | 12d8e39d44b9554aec02f10c0662fc054d81a17e |
| SHA256 | 338e09591dd92e6e0e334c4cc3550b9a944b2f399a8acc0caaab91c54dc387a2 |
| SHA512 | 99f0aa0588d69a714b525f5ee701861c2fec1dec44ceaa39311187f9b3ffc2701ccd443b1f5e0e83389728c101cb2bd90c51e06b2c24fbc6bb3153f216375761 |
C:\Users\Admin\AppData\Local\Temp\imageio3461796400321275444.tmp
| MD5 | 8bbdd39d01df58d2e28f7f632b783030 |
| SHA1 | 4d710aeae589844963f3b249a2a26f886bed1229 |
| SHA256 | b1784c0cdaca08d5d16d62a11cb73c0cc28fe0fdad54520ea0c9d5e047071a69 |
| SHA512 | 5ce20419e172d06d7b898e1bd5df75d90b559e37b67c74e5a67d2330d4805d6f41a6230467be4864496792b9d0c666f25172cface63b808e3a8f9cb9d43e89e7 |
memory/2332-840-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/2332-839-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/968-880-0x0000000026540000-0x000000002654A000-memory.dmp
memory/968-881-0x0000000026540000-0x000000002654A000-memory.dmp
memory/2052-884-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/2052-885-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/2332-887-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/2332-886-0x00000000003D0000-0x00000000003DA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:17
Reported
2024-05-26 03:19
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\crs-agent.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\crs-agent.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\charsets.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\charsets.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\jsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\jsse.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\jaccess.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\jaccess.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunpkcs11.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge-32.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\openjsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\openjsse.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\legacy8ujsse.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\cldrdata.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunmscapi.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\rt.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\rt.jar"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\windowslauncher.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\windowslauncher.exe" "-Xshare:dump"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote SupportECompatibility.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote SupportECompatibility.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693447216-5\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693447216-5\unrestricted\JWLaunchProperties-1716693461200-0"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\unrestricted\JWLaunchProperties-1716693462221-3"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F
C:\Windows\SysWOW64\icacls.exe
icacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F
C:\Windows\SysWOW64\icacls.exe
icacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher4139788020388414364.service
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
"C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher4139788020388414364.service"
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher4139788020388414364.service"
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "55246" "127.0.0.1" "55247" "elevated"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "55246" "127.0.0.1" "55247" "elevated"
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 55328 127.0.0.1 55329 elevated_backup
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.51.173.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| US | 54.173.51.254:80 | 54.173.51.254 | tcp |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55246 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55328 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| US | 8.8.8.8:53 | 205.201.50.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00094739807-complete\nativesplash.png
| MD5 | 0905b33d2e42db16dea325e538085f1c |
| SHA1 | c9aea4726f051096c590ecc3e8a466ba0eb1f186 |
| SHA256 | 82aefb52771e20875893ae177bffba49838332de4124a48b9f3285af537bbed1 |
| SHA512 | 5bc999a2fa812daaacdc4cb891deb63f84925096e03241f57599fd140a348be0be2e8c316b166e4fb54def17dabfa1c1bb84ce5cdb7b8a6ed17dd14206142327 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TF1TYUIH\JWrapper-Windows32JRE-version[1].txt
| MD5 | 271563b96fbbff5dc3e04656f3f18923 |
| SHA1 | 7f6800a9d6112bf5c360d56f3b0c5c616260fee8 |
| SHA256 | b482d2aace7286c78a565879c3ac49b772e9bd9d003bed856542c2cee1049b22 |
| SHA512 | fc211920ee469a34e10444d65e9a909c934cfa1c6d332700d33c2aff9aa2201434dbb810ff03188904c9500638444435cbecc25e2b7598356236c8475b02763c |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\unpack200.exe
| MD5 | 14a39388617fc5b75646ec85fc9ff9fd |
| SHA1 | ff215fe0b48b7ff5a43b02f25521788328a64a7f |
| SHA256 | ed4f04090a5d543627d49ff3693e6ab1ea7ef163d34acbaf46b6ee4b76ad12e8 |
| SHA512 | 48eac09ca862c3dd35436c837fa2db9d31394323e8540b1678315e9fd54b45583ae3d4180d353d3903ff1305750548b5fbac5e7276ed0e0112b0ea2d2d1f2b4e |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\MSVCR100.dll
| MD5 | 0e37fbfa79d349d672456923ec5fbbe3 |
| SHA1 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 |
| SHA256 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
| SHA512 | 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\crs-agent.jar.p2
| MD5 | 7618098477e433a3297beec060e38554 |
| SHA1 | e57585e7f78f8290a534bae6bbe85e89bf59b671 |
| SHA256 | 75e2fcd8e5db747c4f2619c67e9a6898b083318dbab0b4276052593a9ed22825 |
| SHA512 | fc46a67c3c7e3bcb0f3e8e2611a749692fe4c2cdf1ac89b9e5013ddc6f58bbab4d012e58cd85901f0d171c8ff5e9e5ca3c08811abac38d89776f67dd1b72b56e |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\crs-agent.jar
| MD5 | d1f7a7fb0a46eda64b92d27bf48ff07c |
| SHA1 | e26e4f4b326e4e1e3a47a27b10f4f7335efecaf3 |
| SHA256 | 2ee219b2825d2174e5a03ff15a7bc3fa2a72d6322672abb2bc3be2ba7153f550 |
| SHA512 | 6034451481dcf2d4483e5edaae6c60197cb3a7f6c0ec726c7b0f8209632523d24ed7e4548df2942ed18e93c2cdd08a8d4be483d5329dd400aa97543de2b865e0 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\charsets.jar.p2
| MD5 | c0b2c569c4c13afde2b4936c69899818 |
| SHA1 | 27587b733c46b704468baac99d5369558e04433b |
| SHA256 | a11a18c31f07b640ce37c8c6913f28d5ae361043efed7c4b7748129a581c9b72 |
| SHA512 | 77d5b289e6ab8354075058e9467490eeaab3640f953e5d534b68fdb966cc35b0351b7734f61a8f0e05c02648b6a6c1f7625537a6206d8a7a7cfc8c0ffa998d99 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\charsets.jar
| MD5 | be77261e5ea68f8d654979506c60098f |
| SHA1 | d9f45a45c6d24fd51af87edf995f3f074f26b625 |
| SHA256 | 4c0cf9049c1c9ec958c66338cc4e1e3e8f6e6203fc23c4df1ee25a27db1c3e7e |
| SHA512 | 9556424da462320a598d27b1e340fbacd2f34367767005d5b4dca03668b05b3e72ab8e5e95292823febceded3398ba1d6c7372b326a3d8da2d128e9d697c6c1b |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\jsse.jar.p2
| MD5 | d0b67b9950cc7c430f718b97d1fa5e9e |
| SHA1 | 570611a0cdcfeb970154f06efc39900b09a25e5d |
| SHA256 | f98ddeff204be7f6ff1b302476c0cb2d798ae6dff177cf3785f7a783671e184e |
| SHA512 | 154d86ba9963b64b298e544a836f9266637c04dcd9da947404aa3ba5b47d50fe6031709173f16afafcd909644865b0711018e8facb428a68608294d3d92ad74d |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\jsse.jar
| MD5 | aba762047180d748d13038c79a297273 |
| SHA1 | 2149fdcac374a7571fe5f838decd9f78159a8b8e |
| SHA256 | 452bed925863a3686bc9ec5caedf73668bb3b6347f13c6c5c48a93b33c76e6e2 |
| SHA512 | 8cc67b7bfdd045c040e560b3a0d07c9d8e5510cf18a9aaf59bd468614004e16389cbe06e4d5ddd689cf26aa4fe6939bd474cecd6ec7f630e109185c3b6b89770 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\jaccess.jar.p2
| MD5 | 266b3cd165141350c4e97f70de125b8f |
| SHA1 | 38fb1ca72f034b4bdad5aff7d8f4a100fb4c6924 |
| SHA256 | 6e6e99bd2d0f532f3c297ecc2e14cc5379e4f86de78bdf8cc6615ec63992ccb2 |
| SHA512 | e1cc802757ff4d3a3deb64992188f60ff5841bed1d5351dbf39833a686b218b9be93f73d3c656601150ebdd60337eba84c2f98ced46a8190f1c62b4b7678a080 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunpkcs11.jar.p2
| MD5 | f70f2e791c4bc4f97e0cfd293efdfb00 |
| SHA1 | a5f9f5590777cfc7de8b7808f88fda67dcb3808a |
| SHA256 | dab578370c83bb0f88da5446c17c45ca2f173483ae7849cf1e1078651c5b3ae8 |
| SHA512 | e501635bb7b1a1cb9f61241a14f3ef0e7aaef20c93cea91167b1c7dca2d872fbb0d03990976598d06dc4f7bee9fc1dace90a404ca5bcaece92e99e6b7f7a0cf4 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\jaccess.jar
| MD5 | 78e7e96c457dacd63ff8b91b18a18d94 |
| SHA1 | 7deeb6b1bb9cd5dd8e88e89b104036fb11a3a6e7 |
| SHA256 | cef2ccb8962a6d995e98df38c0370b0685a20dba56d492789535f075837664fe |
| SHA512 | 49278b823990c58a66513f09a2dcad30ba512a48f7529eedee1147e4cfbd9961908063f08c8b1cd51871f5d6d22d1450a32df1d762ca99895fb879aa2e1089e5 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunpkcs11.jar
| MD5 | 3b484d613b13097df94fc02830625fe3 |
| SHA1 | 2ae78e428005a2aa4c1c186e13b015ed8f626d98 |
| SHA256 | 0370bfd5c5b93a86d4ab384bd1954833b663037f922dffdd145b0c4708848f15 |
| SHA512 | 2696a1673c62b9e0b87f417b441babbae55dcfa36f631fee0907e8ab61e4d004a0a273668fe15474a7adb0d48a7009b58783e8173eb8bd73481f75f5b1293a1a |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge.jar.p2
| MD5 | 085cab8b3c0d6ae59b3fdc2b09ca7b2c |
| SHA1 | c9d1aa28415e4fc44c8935e2af8dac6b950f7c23 |
| SHA256 | 352f6c64c4742c49194ea23e75867c97dd445ca0ed3c29747a1b3149e05b8238 |
| SHA512 | 158f06e74faec63406fc8a968a0cf23a34013877c2f44c94ab1fb2bf0f9e928741cafeea658a104bd87d4cf68bac2b812486f8d73e163d4469b4bb6099d69125 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge.jar
| MD5 | f31be727c15312bb50baa9a60003594b |
| SHA1 | 1dc4bcbe28572e8d72d1afed9731d32a7985ae99 |
| SHA256 | 2868caaffcf13ae3d6d22831668e19d4200593190a1b88b714b62b3e47ac537d |
| SHA512 | 387b314f64f5ba5c72be7f1e834a62b8b72a984a36ee9dd53aa538fc26e2c343cba6e2485d15f517bd403e285455108d303b88d2db1d246f5990422a461fa1b0 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge-32.jar.p2
| MD5 | 65ff11c770d16063ae896517d60ea900 |
| SHA1 | c759cff5e6a08ae5c232b79ff95c58fce545f24e |
| SHA256 | 6707457e8d1aa16b08a77e6e44a69984ef5c784dbc8b65796d5df80ab0c4182c |
| SHA512 | d40cb1b633916aff909255293d1b567ee353ffbbda3517bd80d723b7fba1225f660b20599963c83bf28036b853280a9246ed1ca23633b805357651ec64046982 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\access-bridge-32.jar
| MD5 | f2e03d50317928d981b77d1b01ad2f6e |
| SHA1 | 3f82255ba557b64664e3dbf9d8f2b6e4d611e9b2 |
| SHA256 | 33d0959c1d4f31a23b62c6c406f04acca9626b3f72963c88a6d407820cb58ad5 |
| SHA512 | 6de0e03130f1ed9d236f300b932e2a5d83d58a0841fe5cd7fd6e569384a2034ae37150ddb0d41a2af3b3b8c9432ef5d5427c5f36cd854ddd9df987a89f96276c |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\openjsse.jar.p2
| MD5 | 558a800e89bc6c647e2909a0c91dd9f8 |
| SHA1 | 8fcfec1b4e704661ff0c7599e0ee2ec60c69088c |
| SHA256 | ec51166a6f4796de2283de2a59e9143d953fe37bf9abbc71873a3978dbec85db |
| SHA512 | 19e585b8d1c13ab511ee66615442fb2bce3bb529225b623271a8f27a58d76d541434ac02b619d55bbca03f1f9adae94745bc1f2504eadc7f00220b49ba6c13bf |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\openjsse.jar
| MD5 | a2dd6baced76fe17ef8db6d6a6dca1ec |
| SHA1 | 26e46d9fb59464f895da1474ed0c545831311bd0 |
| SHA256 | 47545a341a3e7b99164150d000607e10b7b3a16caf3320090fc1e5c6128c13e1 |
| SHA512 | a9472630786ca3369c3e1d9303b5430eb744c962d7287b95d75caaf00d15ef735c985e5093cc2d36dabfccaab2782210f71eec1be3cd1cc05886eaa969ddc947 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\legacy8ujsse.jar.p2
| MD5 | 3b997068ed80236ba82703b7c8275621 |
| SHA1 | 63d2bbca29231220d5beb285c9cf263b4c93acb9 |
| SHA256 | 40799e64da3944f75ddb8e9a378c7d37fe8c94183f173717b2f08dad865cf89d |
| SHA512 | c67ca18a538ea12e0032728e575f25b11da6b847ec3eccceb59c53d18eddbc4d711d4684e8f60ed0da6e7149ab31a9f8c04ef45f5c5792ceb749c3f7e5b7ddb4 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\legacy8ujsse.jar
| MD5 | 80558729bb2edfc3b03b8dee73d527b4 |
| SHA1 | 521d59e97a3e254ecd9dd06b213ac0fda4c2983a |
| SHA256 | f17139ecb92b94a2a3909a5a2f2c8a5feee9afaf25e8cd2b5a8ab0fd3dd73c9e |
| SHA512 | 80e5785beb2de61ea8cc9882e94e3abf99917556467ebf935297a9e0f7376b313850cdb0ffea2d98ada9db8c6b3a6104572399667e8cfde0cd537775e445b0ad |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\cldrdata.jar.p2
| MD5 | fb3b52a77cd7d5c06ab18417b880cf85 |
| SHA1 | 16b32390dd4b20f215e9bd4652451ae110408dbc |
| SHA256 | d316bc002fa5a15622c5d4076f74a8f97fec63d4efbb9446e9cea101c66c051f |
| SHA512 | 6a1adb2b9d6969840277588c93f299c22ad167ac9cb3d4c4ae2b94d49a2e3301502ea54e2eb62b74b97d0324028e9bb6455ec078824d1ec9b5d6c02b3e2d9ca9 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\cldrdata.jar
| MD5 | 464e8a959d39d16b0e62f177f77eb7a3 |
| SHA1 | cc8fedb29aa80ea30f144ec6f1fd5594fac83622 |
| SHA256 | 70dda4e2247e7a7d8e78501679ac89ca3214d8a98ec8f332b9fbbd043fe88857 |
| SHA512 | 515872addf16a1ea2facf5c7ab70b987669d8cfa102705149528084375064ba9ca272b0d48eb7ae3774581524cca4c517c6be092ce1912bade9a36355662e05d |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunmscapi.jar.p2
| MD5 | ee900003bb298d82c1c1ab65bf0d1038 |
| SHA1 | ce744e382e9327f49527e4753bd9a316668bb836 |
| SHA256 | 9d37087d57531c4c8438c3fa64a506b08f71b5cb5462bff59d653d06d1170b22 |
| SHA512 | 845968c8192de9ca2a78c9da05041138eac5f80252b3cb1680b3ce2f0fdca99f68fab65f7fbefe71b8f0f953dc3bec4ad23708b1dde8e387525911dfaa16b5b3 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\ext\sunmscapi.jar
| MD5 | e862f2417b9e605077b14bd40870f81b |
| SHA1 | b1af847865894e4aca999cf15254950a3adbc66a |
| SHA256 | c5a5dced73b692eaa10278c1798ab5703871d4813781239f3ab6155783d947e2 |
| SHA512 | 0164cfa331d7b0c469a9cc0876ae9722380dd63f19e08f12a1bb8e1c9c989e704d76c12a226cb4a90d09a57b0ab7c6bdb3f7cf4549f99a5f8df6ef104e490864 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\lib\rt.jar.p2
| MD5 | a7ddd38de7a6d515978bd3786db5f475 |
| SHA1 | ae8b0b7204fc02113dc5b40cb2d6ee7dc7554ab8 |
| SHA256 | a7138824d761e3f2586f05226630c13fb538d405d095e5167c62b21390546daa |
| SHA512 | 46cae11274e4aea0ac75b069e4e9325386a3f82fd5aa00efd3e719ac4054c984f7b35760c99e7dc1b7b4ba09abcbf13e049c3b37fc51372fdf89faa2cc70a600 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693429-0-app\bin\windowslauncher.exe
| MD5 | d56527919a78d6ac6cef8a9cb3d0b922 |
| SHA1 | d4ea8c6ff865334fa56d19e435e58cca8cff7e36 |
| SHA256 | 14f684600450cdbcdba40a554da7f96e7756b5733b4854f5b30b9a35d26cba4b |
| SHA512 | cd3bd8e33df78fde76827cee0ca9eab921c4bbce31aaf7b38d41d6a8d473a30ee5f50f3620741f57fd54a86a75ad11cee6f9a67c4c4b30e9987e1445af37f2b4 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\client\jvm.dll
| MD5 | ad097eba9b877fef2770f0d7c6aa8b66 |
| SHA1 | 7649970441014f1c7359e6602ce1c702eb6729a8 |
| SHA256 | 1bb778575301d60089b78705c59a895f4cbcde5f325445d40b2e14b9fb070d8b |
| SHA512 | 722a8d16d87642f4d3d7cd955d9a55ea0eb2dd4225f3b194acf2ac37eba3580fc1cb2b51a8fc1f493d75d6d4805b2722662cdcfa1a04d871da46cdf7a0626b64 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\verify.dll
| MD5 | ed82ef325e016d1102a64f681010fff6 |
| SHA1 | 85a6e150fcc33f21989ce7b755b3365ddfc22148 |
| SHA256 | 7290333fb8deaa13e4c90bc3b4ae3b7c40cc03f18dcc107ad0aa44d704f52858 |
| SHA512 | 56a08c8e404309fae4de809baf95b35a45ff383b716519aa353cf4ad71623697ef5f1e6f54156c03a6f496f3721908395ba63dc661672b28937ebcfb532c0a38 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\java.dll
| MD5 | 62460b9fb42e5a5bb36cbfc8eed6935c |
| SHA1 | fd9c9d7c9c808f341bdf5a65df6160d6e8ba7cce |
| SHA256 | 20c9eed8ab86613bd6285756a7c20071ab0443ff62e4561c02527473e0dad658 |
| SHA512 | c94ab9fd0a600e37661c420b3108f37a0210996f09a1685f0f7bedebeb43c9e52340c850d681dd6444e640d22d4ec63d0cc82f53337d31cb112e087c6be4ca6c |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\zip.dll
| MD5 | a17752b09e0f94eedcc79697bd469d26 |
| SHA1 | ee0ec9fa38eccd85e3aa9b89a955af4cfbc23ed3 |
| SHA256 | 5bfcb6a7bed3ac63a5ad0d9ee5e350e618a78e90cc4220e0028708604671c001 |
| SHA512 | a88c17dd6ac9194db650df7a41475a1d01df3917a1bace3655f7abeb18d109ce1131fbadbcb4d58e73a5aab049f2db82116eb99715b08b95ffc5d78558f12a2e |
memory/2412-287-0x0000000002280000-0x0000000002281000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00094739807-complete\jwutils_win32.dll
| MD5 | 6c81694e80a30afdcb1fd52abe69c17a |
| SHA1 | bc5b890a25aaf397b386091ed38591386f5a7730 |
| SHA256 | 15efd7fbc433648e95450ece65ea27b2eb0c9142a8aab011660e0287eab366b2 |
| SHA512 | 2e8c095c2cd338057fef8b693e10f93eaf669111e67bd9a235b0903f25b016a9a2ce966a5f5086c415964d7b1eb3d35f1e45da592111c9722b1b6c2b0f5a3033 |
memory/2412-294-0x0000000002FD0000-0x0000000002FF8000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWApps\JreNameOverride.afos_complete
| MD5 | 8fb5138ee86360cde03895fbcd12494d |
| SHA1 | 182872da6ad9990fbfdee722097047764f4a596c |
| SHA256 | cfccf59f10da9d264a641125c710a6d57e457a1081f23e899bfa3d06e3be2d41 |
| SHA512 | f315c3ea8519b935daf10a526303731aefd95de0535f871ef0927e92b86cdf5a1d967647e2af7fe54afd014e670db3f4d183ac00e0b81a4f757b703066030049 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\net.dll
| MD5 | ef1722dc5c18d6416a3c45a39a473f6f |
| SHA1 | 74c59c536a80e0430c5fdfd7424224fe08a4c5f0 |
| SHA256 | f892bd41cec077229c2b4a34fce9cc0c130dff2427f86f64cc4defb2a91a621f |
| SHA512 | 52cc61b7fb7b6b21f2fd784bf4dec54d17e90cc098bbdbd4a7064e6c2feea61c9ece0ca3ce3b3b8d5b6ef3e55e6b1ea74e147c68347585795bea9078e96e6c3e |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\awt.dll
| MD5 | f8e52c9bb7928d2e4bfdbccdd0f20264 |
| SHA1 | 1df5a1a00fc862c42c1d5e1c89762c43af788a45 |
| SHA256 | efa39b2953c4646bf23bf36353f3e46e5252a62afb04db7eb9bcdec7c08cacfd |
| SHA512 | 2acf1ae7d6602cab01ee5b5e383f499bf8abeabb59bb817acf26d71890d928289029bb6e6968239a207dc86245367518e8579074761addabd44122fbe6914e47 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\nio.dll
| MD5 | 823b2c4761bec0121adf70f8ab5ce638 |
| SHA1 | 220610227a74e22050c1326fb2148bc4f953306b |
| SHA256 | 2c2a6fb722055d3385e481237399c6af1cc93abc77d9485276e8158d1715f168 |
| SHA512 | 842a0515ed1e4a81c3536032b7e3f1b0bb77922dd25eba8c38c70ccb2d8973424fa7cc001dffee03acf2681ef5fc3b7ec04dae3e6271a2a2d03c1dabe5a27771 |
memory/2412-340-0x0000000002280000-0x0000000002281000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\freetype.dll
| MD5 | a0e41d3e1c157c9892acb3a44abcf0fd |
| SHA1 | 08f39ced0a1c4c5607bf8c14c0bb6d2d620a3dd1 |
| SHA256 | 23a8e28fa460ab9252b7418cb5ba7dee5c63f661297433d3ffd3d569fe9bae5e |
| SHA512 | 8502f989fdd615147f83912ba1327d4dd6c1f3ef9bdc43da62e766e951eff371e0371b2abc20f09eb4f86e6fa3f1118b52f00fc1db6099b11f10c10b36a8c047 |
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\fontmanager.dll
| MD5 | 86bfa090f82bc7b2dc351b06ce64c455 |
| SHA1 | e9e0cdd695738d4cbb39eddc48d5b5b2649c56a6 |
| SHA256 | 924dc9a985b26ef19958d17d23e18d8b8e2a552d8a11d0018014d21e632342eb |
| SHA512 | 1939d84a42aede06c76c9b8e6b5093ff60ecde7944b24e2c26cbe7b1c5e5223cac70f5779bbc5f21c6f97ee90728b084602d74f1ba011f875ba04a110c3d07df |
memory/2412-372-0x0000000002280000-0x0000000002281000-memory.dmp
memory/2412-388-0x0000000002280000-0x0000000002281000-memory.dmp
memory/2412-389-0x0000000002280000-0x0000000002281000-memory.dmp
memory/2412-421-0x0000000002280000-0x0000000002281000-memory.dmp
memory/2412-427-0x0000000002280000-0x0000000002281000-memory.dmp
memory/2412-432-0x0000000002280000-0x0000000002281000-memory.dmp
memory/4060-487-0x0000000000620000-0x0000000000621000-memory.dmp
memory/4060-490-0x0000000000620000-0x0000000000621000-memory.dmp
memory/4060-491-0x0000000000A70000-0x0000000000A98000-memory.dmp
memory/4060-499-0x0000000000620000-0x0000000000621000-memory.dmp
memory/2412-500-0x0000000002280000-0x0000000002281000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\unrestricted\jwLastRun
| MD5 | 004a6afa93d0835fa50655caa945f00e |
| SHA1 | aa6940d923e1f4c494626940ac2fb0a3d7912a03 |
| SHA256 | 3c94fb77d96d5e2195a18b5ca79cebacf65a847d4a96f5cb51359828c381bd22 |
| SHA512 | 14bd55031cb14eb1c087d59aac1426b35e3ad9a323fae6a55d09d71781b606b3f3c269f9637bbcbbc226e9706e9d38132506c50073c1b6083e0c6107c5d798f0 |
memory/2412-558-0x0000000002280000-0x0000000002281000-memory.dmp
memory/4564-568-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-571-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-572-0x0000000025950000-0x0000000025978000-memory.dmp
memory/4564-589-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-586-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-595-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-600-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-636-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-641-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-646-0x000000002C180000-0x000000002C1B0000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\utils_wnative_intel-32.dll
| MD5 | 9f3b9d97b458ff6fe7742bfc8518d7be |
| SHA1 | ae02180e10b0c05c6d2ee9c649efdc608781c830 |
| SHA256 | 427df5b4274307d79d138c17e796473cb7f580198b17a8b3bf050a268aeec358 |
| SHA512 | b6e9d3d26b11c2b5136174ea38c39b09200e0ef0d61b48a097c4c047f5e9c1b16e5a49dd3978d5e566a08fd1c84cea8203d272d6d6d538f86a10e3f3b9f53fd3 |
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
| MD5 | 871f2ae119ac463e75bbeabc1e925aa9 |
| SHA1 | 694d8b456abc255da9ec0e9b270116163cb5d132 |
| SHA256 | 313000b647e07fe9c08d538d160b5adb4849a7e2e19c16e5e0f188b176470229 |
| SHA512 | cd1e7eda3b0591b20587990bcacaadc2424d2f9f72d071c3c4efac4bbb16665c7b267ae332f95cadf1ca3501f3d7b9cbc9fbbd3cff07e1fc69bf3c9f805f1ce3 |
memory/4564-675-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-676-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-687-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4564-692-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/740-720-0x0000000002080000-0x0000000002081000-memory.dmp
memory/740-729-0x0000000002080000-0x0000000002081000-memory.dmp
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig\branding\54U173U51U254G80\applet_splash.png
| MD5 | 908f0b4427cb290cf05dfb75eedc4798 |
| SHA1 | 12d8e39d44b9554aec02f10c0662fc054d81a17e |
| SHA256 | 338e09591dd92e6e0e334c4cc3550b9a944b2f399a8acc0caaab91c54dc387a2 |
| SHA512 | 99f0aa0588d69a714b525f5ee701861c2fec1dec44ceaa39311187f9b3ffc2701ccd443b1f5e0e83389728c101cb2bd90c51e06b2c24fbc6bb3153f216375761 |
C:\Users\Admin\AppData\Local\Temp\imageio7928323376054203112.tmp
| MD5 | 8bbdd39d01df58d2e28f7f632b783030 |
| SHA1 | 4d710aeae589844963f3b249a2a26f886bed1229 |
| SHA256 | b1784c0cdaca08d5d16d62a11cb73c0cc28fe0fdad54520ea0c9d5e047071a69 |
| SHA512 | 5ce20419e172d06d7b898e1bd5df75d90b559e37b67c74e5a67d2330d4805d6f41a6230467be4864496792b9d0c666f25172cface63b808e3a8f9cb9d43e89e7 |